n8n Webhook Exploit, Critical nginx-ui Vulnerability, PHANTOMPULSE Implant and More

THN Daily Updates The Art of Attack: Attacker Mindset for Security Professionals ($30.00 Value) FREE for a Limited Time Take on the perspective of an attacker with this insightful new resource for ethical hackers, pentesters, and social engineers Download Now Sponsored LATEST NEWS Apr 16, 2026 [Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employe... Read More Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the&n... Read More 10 Questions Your Automated Pentesting Vendor Hopes You Won't Ask Get your vendor-neutral checklist to audit what your validation program actually covers. Read More Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called... Read More Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu A bank approved a Taboola pixel. That pixel quietly redirected logged-in users to a Temu tracking endpoint. This occurred without the bank’s knowledge, without user consent, and without a single security ... Read More UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign The Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospit... Read More n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerpri... Read More Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS... Read More The Art of Attack: Attacker Mindset for Security Professionals ($30.00 Value) FREE for a Limited Time Take on the perspective of an attacker with this insightful new resource for ethical hackers, pentesters, and social engineers Download Now Sponsored This email was sent to sikubaycom.s3cr3tz@blogger.com. You are receiving this newsletter because you opted-in to receive relevant communications from THN. To manage your email newsletter preferences, please click here. Contact THN: info@thehackernews.com Unsubscribe THN | K.P BLock, Pitampura, Delhi